【发布时间】:2015-07-05 05:36:48
【问题描述】:
我正在尝试使用 PHP PDO 和提供的客户端证书连接到 Amazon RDS 上的 MySQL 数据库。实际证书位于:var/www/includes/database/certs/cert.pem
我正在设置 SSL 属性:
$dbh = new PDO('mysql:host=example.com;dbname=example', username, password, array(
PDO::MYSQL_ATTR_SSL_CERT=>'/var/www/includes/database/certs/cert.pem'
));
var_dump($db->query("SHOW STATUS LIKE 'Ssl_cipher';")->fetchAll());
/* Output */
#array(1) {
# [0]=>
# array(4) {
# ["Variable_name"]=>
# string(10) "Ssl_cipher"
# [0]=>
# string(10) "Ssl_cipher"
# ["Value"]=>
# string(10) "AES256-SHA"
# [1]=>
# string(10) "AES256-SHA"
# }
#}
这使它看起来像它的工作。 但是,如果我将属性更改为不正确的路径,例如/var/www/includes/database/a,我仍然会得到相同的密码输出,并且没有错误。很奇怪。现在目录/var/www/includes/database/a 不存在。当我创建那个文件夹a 并运行上面的脚本时,我终于得到了 SSL 错误:
#PHP Warning: PDO::__construct(): Unable to set local cert chain file `/var/www/includes/database/a'; Check that your cafile/capath settings include details of your certificate and its issuer in /var/www/includes/database/db_connect.php on line 11
#PHP Warning: PDO::__construct(): failed to create an SSL handle in /var/www/includes/database/db_connect.php on line 11
#PHP Warning: PDO::__construct(): Cannot connect to MySQL by using SSL in /var/www/includes/database/db_connect.php on line 11
#PHP Warning: PDO::__construct(): [2002] (trying to connect via tcp://example.com:3306) in /var/www/includes/database/db_connect.php on line 11
#PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [2002] ' in /var/www/includes/database/db_connect.php:11
- 为什么它似乎与一个不存在的目录正确连接?
- 为什么在我真正创建了那个目录之后才抛出错误?
- 如何确定 PDO 是通过 SSL 连接的(除了 wireshark)?
【问题讨论】: